Initial commit

.github/ISSUE_TEMPLATE/1-bug-report.yml

@@ -0,0 +1,67 @@
+name: 🐞 Bug
+description: Something isn't working as expected 💔
+title: "[Bug] <title>"
+labels: ["bug"]
+assignees:
+  - paliwalvimal
+body:
+- type: checkboxes
+  attributes:
+    label: Prerequisites
+    description: Please answer the following questions for yourself before submitting an issue
+    options:
+    - label: I am running the latest version
+      required: true
+    - label: I read the documentation properly and found no answer
+      required: true
+    - label: I have checked to make sure that this issue has not already been filed
+      required: true
+- type: textarea
+  attributes:
+    label: Expected Behavior
+    description: A concise description of what you expected to happen
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Current Behavior
+    description: A concise description of what you're experiencing
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Steps To Reproduce
+    description: Steps to reproduce the behavior
+    placeholder: |
+      1. In this environment...
+      2. With this config...
+      3. Run '...'
+      4. See error...
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Environment
+    description: |
+      Example:
+        - **Operating System**: Ubuntu 20.04
+        - **Terraform Version**: 1.4.0
+        - **Provider version**: v2.16.0 (AWS Provider Version)
+        - **Module Version**: v1.0.0
+    value: |
+        - Operating System:
+        - Terraform Version:
+        - Provider version:
+        - Module Version:
+    render: markdown
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Anything else?
+    description: |
+      Links? References? Anything that will give us more context about the issue you are encountering
+
+      Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in
+  validations:
+    required: false

.github/ISSUE_TEMPLATE/2-feature-request.yml

@@ -0,0 +1,39 @@
+name: 💡 Feature request
+description: I have a suggestion (and may want to implement it 🙂)!
+title: "[Feature] <title>"
+labels: ["feature", "enhancement"]
+body:
+- type: checkboxes
+  attributes:
+    label: Prerequisites
+    description: Please answer the following questions for yourself before submitting an issue
+    options:
+    - label: I have checked to make sure that this issue has not already been filed
+      required: true
+- type: textarea
+  attributes:
+    label: Is your feature request related to a problem? Please describe the problem
+    description: A clear and concise description of what the problem is
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Describe the solution you'd like
+    description: |
+      A clear and concise description of what you want to happen
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Describe any alternatives you've considered
+    description: |
+      A clear and concise description of any alternative solutions or features you've considered
+  validations:
+    required: false
+- type: textarea
+  attributes:
+    label: Additional context
+    description: |
+      Add any other context or screenshots about the feature request here
+  validations:
+    required: false

.github/pull_request_template.md

@@ -0,0 +1,25 @@
+<!-- Thank you for submitting a pull request to our repo -->
+
+## Prerequisites
+- [ ] There is an open issue for the PR that you are making. If not, please open an issue to discuss the change or find an existing issue.
+
+## What kind of change does this PR introduce? (check one)
+- [ ] Bug fix
+- [ ] Feature Request
+
+## Does this PR introduce a breaking change? (check one)
+- [ ] Yes
+- [ ] No
+
+## Description
+<!-- Please include a summary of the change and/or which issue is fixed  -->
+
+
+---
+
+## Additional context
+<!-- Add any other context or screenshots about the pull request here -->
+
+---
+
+Fixes #{ISSUE_NUMBER}

.github/workflows/checkov.yml

@@ -0,0 +1,26 @@
+name: checkov
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python 3.9
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+      - name: Scan with Checkov
+        id: checkov
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          directory: .
+          framework: terraform
+          quiet: true
+          download_external_modules: false
+          output_format: cli,sarif
+          output_file_path: console,results.sarif
+          skip_path: examples

.github/workflows/release.yml

@@ -0,0 +1,46 @@
+name: release
+on:
+  push:
+    tags:
+      - v*
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+  checkov:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python 3.9
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+      - name: Scan with Checkov
+        id: checkov
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          directory: .
+          framework: terraform
+          quiet: true
+          download_external_modules: false
+          output_format: cli,sarif
+          output_file_path: console,results.sarif
+          skip_path: examples
+  release:
+    runs-on: ubuntu-latest
+    needs: [test, checkov]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: "marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0" # v1.2.1
+        with:
+          repo_token: "${{ secrets.GITHUB_TOKEN }}"
+          prerelease: false

.github/workflows/tests.yml

@@ -0,0 +1,19 @@
+name: tests
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate

.gitignore

@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Lock file
+*.lock.hcl

.pre-commit-config.yaml

@@ -0,0 +1,35 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-yaml
+  - id: check-json
+  - id: check-symlinks
+  - id: detect-private-key
+  - id: no-commit-to-branch
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.16.1
+  hooks:
+    - id: gitleaks
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.81.0
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_validate
+      exclude: examples/
+    - id: terraform_tflint
+      exclude: examples/
+      args:
+        - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl --fix
+- repo: https://github.com/bridgecrewio/checkov.git
+  rev: "2.3.314"
+  hooks:
+    - id: checkov
+      args: ["--quiet", "--compact", "--framework", "terraform", "--download-external-modules", "false", "--skip-path", "examples"]
+- repo: https://github.com/terraform-docs/terraform-docs
+  rev: v0.16.0
+  hooks:
+    - id: terraform-docs-go
+      args: ["."]

.terraform-docs.yml

@@ -0,0 +1,63 @@
+formatter: "markdown table" # this is required
+
+header-from: .tf-header.md
+footer-from: .tf-footer.md
+
+recursive:
+  enabled: false
+  path: modules
+
+sections:
+  hide:
+  - resources
+  - data-sources
+  - modules
+  - providers
+
+content: |-
+  {{ .Header }}
+
+  # Usage Instructions
+  ## Example
+  ```hcl
+  {{ include "examples/default.tf" }}
+  ```
+
+  {{ .Requirements }}
+
+  {{ .Inputs }}
+
+  {{ .Outputs }}
+
+  {{ .Footer }}
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: false
+  color: true
+  default: true
+  description: false
+  escape: false
+  hide-empty: false
+  html: false
+  indent: 2
+  lockfile: false # because .terraform.lock.hcl is not checked in the repository
+  read-comments: true
+  required: true
+  sensitive: false
+  type: true

.tf-header.md

@@ -0,0 +1,5 @@
+# Title
+
+![License](https://img.shields.io/github/license/terrablocks/REPO_NAME?style=for-the-badge) ![Tests](https://img.shields.io/github/actions/workflow/status/terrablocks/REPO_NAME/tests.yml?branch=main&label=Test&style=for-the-badge) ![Checkov](https://img.shields.io/github/actions/workflow/status/terrablocks/REPO_NAME/checkov.yml?branch=main&label=Checkov&style=for-the-badge) ![Commit](https://img.shields.io/github/last-commit/terrablocks/REPO_NAME?style=for-the-badge) ![Release](https://img.shields.io/github/v/release/terrablocks/REPO_NAME?style=for-the-badge)
+
+This terraform module will deploy the following services:

.tflint.hcl

@@ -0,0 +1,10 @@
+plugin "aws" {
+  enabled = true
+  version = "0.24.3"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+}
+
+plugin "terraform" {
+  enabled = true
+  preset  = "all"
+}